fix: harden review and verifier governance
This commit is contained in:
phamnazage-jpg
@@ -88,9 +88,8 @@ func TestVerifyTaskDefaultsEvidenceGradeFromMode(t *testing.T) {
|
||||
ID: "T-2",
|
||||
Name: "artifact task",
|
||||
Verification: Verification{
|
||||
Mode: "artifact_present",
|
||||
Command: "echo exists",
|
||||
ExpectedEvidence: "exists",
|
||||
Mode: "artifact_present",
|
||||
TaskType: "documentation",
|
||||
},
|
||||
HasVerification: true,
|
||||
}
|
||||
@@ -104,6 +103,7 @@ func TestVerifyTaskDefaultsEvidenceGradeFromMode(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
func TestResolveTasksPathDoesNotImplicitlyFallbackToGlobal(t *testing.T) {
|
||||
root := t.TempDir()
|
||||
projectDir := filepath.Join(root, "project")
|
||||
@@ -266,3 +266,129 @@ func TestFilterTasksByStatus(t *testing.T) {
|
||||
t.Fatalf("expected all 3 tasks, got %d", len(all))
|
||||
}
|
||||
}
|
||||
|
||||
func TestDetermineProcessExitCode(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
results []TaskResult
|
||||
want int
|
||||
}{
|
||||
{
|
||||
name: "all pass",
|
||||
results: []TaskResult{{Verified: true}, {Verified: true}},
|
||||
want: 0,
|
||||
},
|
||||
{
|
||||
name: "runtime failure",
|
||||
results: []TaskResult{{Verified: false, EvidenceGrade: "runtime-verified", TaskType: "automation"}},
|
||||
want: 2,
|
||||
},
|
||||
{
|
||||
name: "artifact only failure",
|
||||
results: []TaskResult{{Verified: false, EvidenceGrade: "artifact-present", TaskType: "documentation"}},
|
||||
want: 3,
|
||||
},
|
||||
{
|
||||
name: "mixed defaults to runtime",
|
||||
results: []TaskResult{
|
||||
{Verified: false, EvidenceGrade: "artifact-present", TaskType: "documentation"},
|
||||
{Verified: false, EvidenceGrade: "runtime-verified", TaskType: "automation"},
|
||||
},
|
||||
want: 2,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if got := determineProcessExitCode(tc.results); got != tc.want {
|
||||
t.Fatalf("exit code = %d, want %d", got, tc.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestClassifyFailureTier(t *testing.T) {
|
||||
if got := classifyFailureTier(TaskResult{Verified: false, EvidenceGrade: "runtime-verified", TaskType: "automation"}); got != 2 {
|
||||
t.Fatalf("runtime failure tier = %d, want 2", got)
|
||||
}
|
||||
if got := classifyFailureTier(TaskResult{Verified: false, EvidenceGrade: "artifact-present", TaskType: "documentation"}); got != 3 {
|
||||
t.Fatalf("artifact failure tier = %d, want 3", got)
|
||||
}
|
||||
if got := classifyFailureTier(TaskResult{Verified: true, EvidenceGrade: "runtime-verified", TaskType: "automation"}); got != 0 {
|
||||
t.Fatalf("verified tier = %d, want 0", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestVerifyTaskClassifiesToolExecutionFailure(t *testing.T) {
|
||||
task := taskEntry{
|
||||
ID: "T-4",
|
||||
Name: "tool failure task",
|
||||
Verification: Verification{
|
||||
Mode: "test_pass",
|
||||
Command: "echo tool-out && echo tool-err 1>&2 && exit 1",
|
||||
ExpectedEvidence: "tool-out",
|
||||
TaskType: "automation",
|
||||
},
|
||||
HasVerification: true,
|
||||
}
|
||||
|
||||
result := verifyTask(task, false)
|
||||
if result.Verified {
|
||||
t.Fatalf("expected tool failure task to fail")
|
||||
}
|
||||
if result.FailureClass != "tool_execution_failure" {
|
||||
t.Fatalf("failure class = %q, want tool_execution_failure", result.FailureClass)
|
||||
}
|
||||
}
|
||||
|
||||
func TestVerifyTaskArtifactPresentMisuseBecomesConfigFailure(t *testing.T) {
|
||||
task := taskEntry{
|
||||
ID: "T-5",
|
||||
Name: "artifact misuse",
|
||||
Verification: Verification{
|
||||
Mode: "artifact_present",
|
||||
Command: "echo actual-output",
|
||||
ExpectedEvidence: "expected-output",
|
||||
TaskType: "documentation",
|
||||
},
|
||||
HasVerification: true,
|
||||
}
|
||||
|
||||
result := verifyTask(task, false)
|
||||
if result.Verified {
|
||||
t.Fatalf("expected artifact misuse to fail")
|
||||
}
|
||||
if result.FailureClass != "verification_config_failure" {
|
||||
t.Fatalf("failure class = %q, want verification_config_failure", result.FailureClass)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateVerificationRejectsArtifactPresentWithCommand(t *testing.T) {
|
||||
got := validateVerification(Verification{
|
||||
Mode: "artifact_present",
|
||||
Command: "echo exists",
|
||||
ExpectedEvidence: "exists",
|
||||
TaskType: "documentation",
|
||||
EvidenceGrade: "artifact-present",
|
||||
})
|
||||
if got == "" {
|
||||
t.Fatalf("expected artifact_present with command to be rejected")
|
||||
}
|
||||
if !strings.Contains(got, "artifact_present") {
|
||||
t.Fatalf("unexpected validation error: %q", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateVerificationRejectsArtifactPresentForAutomation(t *testing.T) {
|
||||
got := validateVerification(Verification{
|
||||
Mode: "artifact_present",
|
||||
TaskType: "automation",
|
||||
EvidenceGrade: "artifact-present",
|
||||
})
|
||||
if got == "" {
|
||||
t.Fatalf("expected artifact_present automation task to be rejected")
|
||||
}
|
||||
if !strings.Contains(got, "artifact_present") {
|
||||
t.Fatalf("unexpected validation error: %q", got)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user